ISACA CGEIT Certified in the Governance of Enterprise IT Exam Practice Test

Demo: 61 questions
Total 413 questions

Certified in the Governance of Enterprise IT Exam Questions and Answers

Question 1

After shifting from lease to purchase of IT infrastructure and software licenses, an enterprise has to pay for unexpected lease extensions causing significant cost overruns. The BEST direction for the IT steering committee would be to establish:

Options:

A.

an end-of-life program to remove aging infrastructure from the environment.

B.

budget cuts to compensate for the cost overruns.

C.

a program to annually review financial policy on overruns.

D.

a policy to consider total cost of ownership (TCO) in investment decisions.

Question 2

To minimize the potential mishandling of customer personal information in a system located in a country with strict privacy regulations, which of the following is the BEST action to take?

Options:

A.

Update the information architecture

B.

Revise the IT strategic plan

C.

Implement data loss prevention (DLP)

D.

Establish new IT key risk indicators (KRIs)

Question 3

An enterprise is concerned with the potential for data leakage as a result of increased use of social media in the workplace, and wishes to establish a social media strategy. Which of the following should be the MOST important consideration in developing this strategy?

Options:

A.

Criticality of the information

B.

Ensuring that the enterprise architecture (EA) is updated

C.

Data ownership

D.

The balance between business benefits and risk

Question 4

Which of the following should be the MOST important consideration when defining an information architecture?

Options:

A.

Frequency and quantity of information updates

B.

Information to justify business cases

C.

Incorporation of emerging technologies

D.

Access to and exchange of information

Question 5

Which of the following MOST effectively demonstrates operational readiness to address information security risk issues?

Options:

A.

Executive management has announced an information security risk initiative.

B.

IT management has communicated the need for information security risk management to the business.

C.

A policy has been communicated stating enterprise commitment and readiness to address information security risk.

D.

Procedures have been established for assessing and mitigating information security risks.

Question 6

An audit report has revealed that data scientists are analyzing sensitive "big data" files using an offsite cloud because corporate servers do not have the necessary processing capabilities. A review of policies indicates this practice is not prohibited. Which of the following should be the FIRST strategic action to address the report?

Options:

A.

Authorize a risk analysis of the practice.

B.

Update data governance practices.

C.

Revise the information security policy.

D.

Recommend the use of a private cloud.

Question 7

Which of the following is MOST important to the successful implementation of enterprise architecture (EA)?

Options:

A.

Developing data modeling tools

B.

Managing the challenge of change

C.

Reducing the cost of IT investments

D.

Establishing key performance indicators (KPIs)

Question 8

Which of the following is the BEST method for determining an enterprise's current appetite for risk?

Options:

A.

Interviewing senior management

B.

Evaluating the balanced scorecard

C.

Reviewing recent audit findings

D.

Assessing social media adoption

Question 9

A root-cause analysis indicates a major service disruption due to a lack of competency of newly hired IT system administrators. Who should be accountable for resolving the situation?

Options:

A.

HR training director

B.

HR recruitment manager

C.

Chief information officer (CIO)

D.

Business process owner

Question 10

Establishing a uniform definition for likelihood and impact through risk management standards PRIMARILY addresses which of the following concerns?

Options:

A.

Inconsistent categories of vulnerabilities

B.

Conflicting interpretations of risk levels

C.

Inconsistent data classification

D.

Lack of strategic IT alignment

Question 11

Which of the following would BEST help to improve an enterprise's ability to manage large IT investment projects?

Options:

A.

Creating a change management board

B.

Reviewing and evaluating existing business cases

C.

Implementing a review and approval process for each phase

D.

Publishing the IT approval process online for wider scrutiny

Question 12

Results of an enterprise's customer survey indicate customers prefer using mobile applications. However, this same survey shows the enterprise's mobile applications are considered inferior compared to legacy browser-based applications. Which of the following should be the FIRST step in creating an effective long-term mobile application strategy?

Options:

A.

Establish service level agreements (SLAs) with the development team.

B.

Identify key risks and mitigation strategies for mobile applications.

C.

Implement key performance indicators (KPIs) that include application quality.

D.

Identify business requirements concerning mobile applications.

Question 13

Which of the following components of a policy BEST enables the governance of enterprise IT?

Options:

A.

Disciplinary actions

B.

Regulatory requirements

C.

Roles and responsibilities

D.

Terms and definitions

Question 14

The MOST effective way to ensure that IT supports the agile needs of an enterprise is to:

Options:

A.

perform process modeling.

B.

outsource infrastructure management.

C.

develop a robust enterprise architecture (EA).

D.

implement open source systems.

Question 15

Which of the following is the BEST way to ensure the continued usefulness of IT governance reports for stakeholders?

Options:

A.

Conduct quarterly audits and adjust reporting based on findings.

B.

Establish a standard process for providing feedback.

C.

Rely on IT leaders to advise when adjustments should be made.

D.

Issue frequent service level satisfaction surveys.

Question 16

Which of the following would BEST enable business innovation through IT?

Options:

A.

Outsourcing of IT to a strategic business partner

B.

Business participation in IT strategy development

C.

Adoption of a standardized business development life cycle

D.

IT participation in business strategy development

Question 17

When preparing a new IT strategic plan for board approval, the MOST important consideration is to ensure the plan identifies:

Options:

A.

roles and responsibilities that link to IT objectives.

B.

specific resourcing requirements for identified IT projects.

C.

frameworks that will be aligned to IT programs.

D.

implications of the strategy on the procurement process.

Question 18

Which of the following would be the BEST way to facilitate the adoption of strong IT governance practices throughout a multi-divisional enterprise?

Options:

A.

Ensuring each divisional policy is consistent with corporate policy

B.

Ensuring divisional governance fosters continuous improvement processes

C.

Mandating data standardization across the distributed enterprise

D.

Documenting and communicating key management practices across divisions

Question 19

The CIO of a global technology company is considering introducing a bring your own device (BYOD) program. What should the CIO do FIRST?

Options:

A.

Ensure the infrastructure can meet BYOD requirements.

B.

Establish a business case.

C.

Define a clear and inclusive BYOD policy.

D.

Focus on securing data and access to data.

Question 20

An enterprise made a significant change to its business operating model that resulted in a new strategic direction. Which of the following should be reviewed FIRST to ensure IT congruence with the new business strategy?

Options:

A.

IT risk appetite

B.

Enterprise project management framework

C.

IT investment portfolio

D.

Information systems architecture

Question 21

The board of a start-up company has directed the CIO to develop a technology resource acquisition and management policy. Which of the following should be the MOST important consideration during the development of this policy?

Options:

A.

Enterprise growth plans

B.

Industry best practices

C.

Organizational knowledge retention

D.

IT staff competencies

Question 22

Which of the following would be of MOST concern regarding the effectiveness of risk management processes?

Options:

A.

Key risk indicators (KRIs) are not established.

B.

Risk management requirements are not included in performance reviews.

C.

The plans and procedures are not updated on an annual basis.

D.

There is no framework to ensure effective reporting of risk events.

Question 23

An enterprise is developing an ethics program, and the ethical standards have been defined. Which of the following should the enterprise do NEXT?

Options:

A.

Establish a training and awareness program focused on ethics.

B.

Implement an enterprise-wide employee monitoring program.

C.

Develop key performance indicators (KPIs) for program implementation.

D.

Outline and document consequences for noncompliance.

Question 24

An enterprise experiencing issues with data protection and least privilege is implementing enterprise-wide data encryption in response. Which of the following is the BEST approach to ensure all business units work toward remediating these issues?

Options:

A.

Develop key performance indicators (KPIs) to measure enterprise adoption.

B.

Integrate data encryption requirements into existing and planned projects.

C.

Assign owners for data governance initiatives.

D.

Mandate the creation of a data governance framework.

Question 25

Which of the following BEST reflects mature risk management in an enterprise?

Options:

A.

A regularly updated risk register

B.

Ongoing risk assessment

C.

Ongoing investment in risk mitigation

D.

Responsive risk awareness culture

Question 26

The PRIMARY benefit of integrating IT resource planning into enterprise strategic planning is that it enables the enterprise to:

Options:

A.

allocate resources efficiently to achieve desired goals.

B.

adjust business goals depending upon resource availability.

C.

prioritize resource allocation based on sourcing strategy.

D.

develop tactical plans to achieve resource optimization.

Question 27

Which of the following is the MOST important characteristic of a well-defined information architecture?

Options:

A.

It addresses key stakeholder requirements.

B.

It ensures compliance with regulations.

C.

It enables achievement of service level agreements (SLAs).

D.

It supports IT strategic goals.

Question 28

Which of the following is the BEST indication of effective IT-business strategic alignment?

Options:

A.

Business management is involved as IT strategies are developed.

B.

IT senior management is required to report to the board.

C.

Business strategy is documented to allow IT architecture to be designed quickly.

D.

IT-business collaboration results in a strategy focused on IT cost reduction.

Question 29

Which of the following should be the FIRST consideration for an enterprise faced with a pandemic situation resulting in a mandatory remote work environment?

Options:

A.

Reviewing and testing disaster recovery plans (DRPs)

B.

Ensuring staff has the necessary technology to be productive

C.

Ensuring remote work policies are updated and communicated

D.

Revising IT performance monitoring metrics

Question 30

Which of the following provides the BEST evidence of effective IT governance?

Options:

A.

Cost savings and human resource optimization

B.

Business value and customer satisfaction

C.

IT risk identification and mitigation

D.

Comprehensive IT policies and procedures

Question 31

Which of the following is the BEST approach to assist an enterprise in planning for IT-enabled investments?

Options:

A.

Enterprise architecture (EA)

B.

IT process mapping

C.

Task management

D.

Service level management

Question 32

A global financial institution has decided to integrate data from branch locations into a common database to address regulatory reporting requirements. Analysis of data flows and the full data life cycle should be conducted at which level?

Options:

A.

Transaction level

B.

Enterprise level

C.

Branch level

D.

Department level

Question 33

A global enterprise is experiencing an economic downturn and is rapidly losing market share. IT senior management is reassessing the core activities of the business, including IT, and the associated resource implications. Management has decided to focus on its local market and to close international operations. A critical issue from a resource management perspective is to retain the most capable staff. This is BEST achieved by:

Options:

A.

reviewing current goals-based performance appraisals across the enterprise.

B.

ranking employees across the enterprise based on their compensation.

C.

ranking employees across the enterprise based on length of service.

D.

retaining capable staff exclusively from the local market.

Question 34

Which of the following would provide the BEST input for prioritizing strategic IT improvement initiatives?

Options:

A.

Business dependency assessment

B.

Business process analysis

C.

Business case evaluation

D.

Business impact analysis (BIA)

Question 35

Which of the following would BEST support an enterprise's initiative to incorporate desired organizational behaviors into the IT governance framework?

Options:

A.

Enterprise code of ethics

B.

Risk mitigation strategies and action plans

C.

Documented consequences for noncompliance

D.

Enterprise RACI matrix

Question 36

Which of the following is the BEST justification for a procurement manager to agree to purchase IT equipment from a specific vendor during a sales promotion?

Options:

A.

The IT benefit surpasses the business benefit from the purchase.

B.

The equipment adds value to the enterprise.

C.

The business profit surpasses the IT cost for the equipment.

D.

The product is offered at the lowest price.

Question 37

In an enterprise that has worldwide business units and a centralized financial control model, which of the following is a barrier to strategic alignment of business and IT?

Options:

A.

Each business unit has its own steering committee for IT investment and prioritization.

B.

Uniform portfolio management is in place throughout the business units.

C.

IT is the exclusive provider of IT services to the business units.

D.

The enterprise's CIO is a member of the executive committee.

Question 38

An enterprise's executive team has recently released a new IT strategy and related objectives. Which of the following would be the MOST effective way for the CIO to ensure IT personnel are supporting the new strategy's objectives?

Options:

A.

Measure progress towards IT objectives and communicate the results to IT staff.

B.

Incorporate IT objectives into individual performance evaluations.

C.

Develop communication materials to promote the new IT strategy and objectives.

D.

Require IT managers to assign activities aligned to the IT objectives.

Question 39

An enterprise has decided to implement an IT risk management program. After establishing stakeholder desired outcomes, the MAIN goal of the IT strategy committee should be to:

Options:

A.

identify business data that requires protection.

B.

perform a risk analysis on key IT processes

C.

implement controls to address high risk areas

D.

ensure IT risk alignment with enterprise risk

Question 40

Which of the following is the BEST way to maximize the value of an enterprise's information asset base?

Options:

A.

Seek additional opportunities to leverage existing information assets

B.

Facilitate widespread user access to all information assets

C.

Regularly purge information assets to minimize maintenance costs

D.

Implement an automated information management platform

Question 41

A CIO must determine if IT staff have adequate skills to deliver on key strategic objectives. Which of the following will provide the MOST useful information?

Options:

A.

Employee performance metrics

B.

Project risk reports

C.

Gap analysis results

D.

Training program statistics

Question 42

A multinational enterprise recently purchased a large company located in a different country. When introducing the concept of governance to the new acquisition, it is MOST important that executive management recognize:

Options:

A.

language differences.

B.

the use of international standards.

C.

the impact of cultural changes.

D.

globally recognized good practices.

Question 43

Which of the following BEST facilitates governance oversight of data protection measures?

Options:

A.

Information ownership

B.

Information classification

C.

Information custodianship

D.

Information life cycle management

Question 44

Which of the following should be the FIRST action taken by a newly formed IT governance committee to ensure reports are compliant with regulations and identify key IT risks?

Options:

A.

Direct the development of a reporting communication plan.

B.

Develop and monitor IT key risk indicator (KRI) triggers.

C.

Train end users on regulation requirements.

D.

Implement a mechanism to ensure reporting escalation.

Question 45

An IT manager is trying to determine optimal IT service levels. Which of the following should be the PRIMARY consideration?

Options:

A.

Internal rate of return

B.

Recovery time objective (RTO)

C.

Cost-benefit analysis

D.

Resource utilization analysis

Question 46

When conducting a risk assessment in support of a new regulatory requirement, the IT risk committee should FIRST consider the:

Options:

A.

disruption to normal business operations.

B.

risk profile of the enterprise.

C.

readiness of IT systems to address the risk.

D.

cost burden to achieve compliance.

Question 47

To ensure that information can be traced to the originating event and accountable parties, an enterprise should FIRST:

Options:

A.

capture source information and supporting evidence.

B.

improve business process controls.

C.

review information event logs for potential incidents.

D.

review retention requirements for source information.

Question 48

The PRIMARY objective of promoting business ethics within the IT enterprise should be to ensure:

Options:

A.

trust among internal and external stakeholders.

B.

employees act more responsibly.

C.

corporate social responsibility.

D.

legal and regulatory compliance.

Question 49

An enterprise has learned of a new regulation that may impact delivery of one of its core technology services. Which of the following should be done FIRST?

Options:

A.

Update the risk management framework

B.

Determine whether the board wants to comply with the regulation

C.

Assess the risk associated with the new regulation

D.

Request an action plan from the risk team

Question 50

An IT steering committee is concerned that enterprise technologies have grown stagnant and are outdated. Which of the following is the BEST strategy to invest in modern technology?

Options:

A.

Decrease spending on steady state and increase spending on modernization and enhancements.

B.

Redefine the target architecture to define new technologies that can be incorporated into the infrastructure.

C.

Create a new investment category for innovation that becomes a new way for tracking investment decisions.

D.

Update the IT human resource management plan to require training and development for emerging technologies.

Question 51

Best practice states that IT governance MUST:

Options:

A.

enforce consistent policy across the enterprise.

B.

be applied in the same manner throughout the enterprise.

C.

apply consistent target levels of maturity to processes.

D.

be a component of enterprise governance.

Question 52

The responsibility for the development of a business continuity plan (BCP) is BEST assigned to the:

Options:

A.

business risk manager.

B.

business owner.

C.

chief executive officer (CEO).

D.

IT systems owner.

Question 53

An enterprise considers implementing a system that uses a technology that is not in line with its IT strategy. The business case indicates significant benefit to the enterprise. Which of the following is the BEST way to manage this situation within an IT governance framework?

Options:

A.

Update the IT strategy to align with the new technology.

B.

Initiate an operational change request.

C.

Reject based on non-alignment.

D.

Address as part of an architecture exception process.

Question 54

Which of the following is the PRIMARY purpose of information governance?

Options:

A.

To develop control procedures that help ensure information is adequately protected throughout its life cycle

B.

To monitor the processes that deliver and enhance the value of information assets

C.

To set direction for information management capabilities through prioritization and decision making

D.

To ensure regulatory compliance is maintained while optimizing the utilization of information

Question 55

Which of the following should be the PRIMARY basis for establishing categories within an information classification scheme?

Options:

A.

Information architecture

B.

Industry standards

C.

Information security policy

D.

Business impact

Question 56

Which of the following is the BEST approach to assist an enterprise in planning for IT-enabled investments?

Options:

A.

Enterprise architecture (EA).

B.

IT process mapping

C.

Task management

D.

Service level management

Question 57

An enterprise incurred penalties for noncompliance with privacy regulations. Which of the following is MOST important to ensure appropriate ownership of access controls to address this deficiency?

Options:

A.

Authenticating access to information assets based on roles or business rules.

B.

Implementing multi-factor authentication controls

C.

Granting access to information based on information architecture

D.

Engaging an audit of logical access controls and related security policies

Question 58

While assessing the feasibility of introducing new IT practices and standards into the IT governance framework, it is CRITICAL to understand an organization's:

Options:

A.

culture.

B.

level of outsourcing.

C.

enterprise architecture (EA).

D.

maturity of IT processes.

Question 59

Which of the following IT governance actions would be the BEST way to minimize the likelihood of IT failures jeopardizing the corporate value of an IT-dependent organization?

Options:

A.

Implement an IT risk management framework.

B.

Install an IT continuous monitoring solution.

C.

Define IT performance management measures.

D.

Benchmark IT strategy against industry peers.

Question 60

Which of the following BEST reflects the ethical values adopted by an IT organization?

Options:

A.

IT principles and policies

B.

IT balanced scorecard

C.

IT governance framework

D.

IT goals and objectives

Question 61

An enterprise is evaluating a Software as a Service (SaaS) solution to support a core business process. There is no outsourcing governance or vendor management in place. What should be the CEO's FIRST course of action?

Options:

A.

Ensure the roles and responsibilities to manage service providers are defined.

B.

Establish a contract with the SaaS solution provider.

C.

Instruct management to use the standard procurement process.

D.

Ensure the service level agreements (SLAs) for service providers are defined.
